1. Red Hills
Hyderabad-500004
+91-9885288664
charan.cool92@gmail.com
SAI CHARAN MUKKAMALA
OBJECTIVE To resideinto the latestworld of technology as a person who caress it,loves it, tests itand
importantly secures it.Ready to move with a group of security experts or as an individual
security engineer to make the world secure.
WORK HISTORY INFORMATION SECURITY ANALYST, ENTERSOFT INFORMATION SYSTEMS, HYDERABAD, AP
08th Jul 2013 – TILL DATE
FULL TIME SECURITY RESEARCHER, SYNACK RED TEAM, REDWOOD CITY, USA.
15th Jan 2015 – TILL DATE
INDEPENDENT SECURITY RESEARCHER, HACKERONE, SAN FRANCISCO, CALIFORNIA, USA.
10th Oct 2013 – TILL DATE
INDEPENDENT SECURITY RESEARCHER, BUGCROWD INC, SAN FRANCISCO, CALIFORNIA, USA.
10th Oct2013 – TILL DATE
WORK EXPERIENCE INFORMATION SECURITY ANALYST, ENTERSOFT INFROMATION SYSTEMS, HYDERABAD, AP.
08thJuly 2013 – TILL DATE
As I grown up with computers, itdeveloped deep interestin the fields of computers, networks
and I spend a lot of time searchinganswers for theunknown and making way to get evolve
myself as a Security Professional.
When I kick started my career with Entersoft in 2013 I got a zeal to learn,to implement a lotof
new things and the best way I found is to implement whatever you learntthrough a trial and
error mechanism with all thepossiblescenarios.
There are so many methods out there availablefor conductinga penetration test againstthe
target application or networks, but developing own methodology is the crucial partone would
come across in thesecurity domain.I builtmy own methodology for all kinds of penetration
tests whether the target might be a web application or a wireless network.
With core in depth knowledge in security domain I can perform the following
1. Web Application Penetration Testing
a. Web Server Auditing
b. DatabaseServer Auditing
c. Application SourceCode Review
d. Core Business Logic Testing
2. MobileApplication Penetration Testing
2. a. IOS mobile application penetration testing
b. Android mobile application penetration testing
3. Network Penetration Testing
a. Discoveringall thedevices over the network
b. Enumerating all the applicationsinstalled and services runningon all thedevices.
c. Followingown potential methods to find vulnerabilities in all theapplications,
operatingsystem kernels and services runningin the target machines.
d. If vulnerable,I will be implementing the post exploitation process to makesure
how severe the vulnerability is? and whatcan be exploited further?
e. Implementing fix for all the vulnerabilities found across thetarget.
Knowledge Transfer sessionsatEntersoftplayed a prominent rolein developing my knowledge
where developers and security experts sitback,relax and talks to each other regardingthe
current market of Information Security likenews regardingthe latestdevelopments, technology
trends, attacks,etc.
I got habituated to researchingnew things in the internet and through which I gained a lot of
information regardingthelatestsecurity threats, exploitingknown vulnerabilities,etc.
As partof my client’s projectme alongwith another 2 colleagues atEntersoft developed a
network security tool EnShield.
The tool EnShield is capableof
1. Scanningthe whole network over the organization and collects all theinformation
regardingthe computers being used. The tool collects information regarding theip
address,hostname, services,banners and versions of runningservices,open ports,
operatingsystem, etc.
2. The soleadmin of EnShield can control each and every system connected over the
LAN/WLAN.
3. The admin can block a particular servicefor a particular systemata particulartime.
4. Redirects the whole network through an additional secondary network in caseif the
firewall detects an intruder insidethe organization.
PROFESSIONAL
ACHIEVEMENTS
OFFENSIVE SECURITY CERTIFIED PROFESSIONAL (OSCP)
I have completed OSCP which is one of the best certificationsfor the
professionalswith information security as the main background.
SECURITY RESEARCHER
I have participated in many more privateweb application bugbounty
programs and received several rewards,swags and recognized as a white hat
hackers on their whilehat list.
3. HALL OF FAME FOR REPORTING VULNERABILITIES IN THE BELOW WEB
APPLICATIONS.
1. AT&T
2. Western Union (2 flaws)
3. Humble Bundle (2 flaws)
4. StopTheHacker (2 flaws)
5. METRO Group (2 flaws)
6. Openfolio (2 flaws)
7. Bugcrowd (2 flaws)
8. Peerlyst (2 flaws)
9. Indeed (3 flaws)
10. oDesk (2 flaws)
11. ExpressionEngine(2 flaws)
12. ANCILE SOLUTIONS
13. CrowdCurity
14. BlockChain
15. Facebook
16. Volusion
17. Heroku
18. Aptible
19. Twilio
20. Medium
21. WHMCS
22. Tagged
23. Square
24. Block.io
25. ZenCash
26. CodePen
27. Todoist
28. Sellfy
29. Ello
30. Fluxiom
31. doorkeeperhq
32. SoundCloud
33. Librato
34. getdpd
35. viadeo
36. Gliph
SKILLS I have a brief idea about all the architectures of all theoperatingsystems.
I got good knowledge in interactingwith all theOS’s.
I am thorough enough to communicate with all kinds of servers,routers,
switches,proxies,VPN’s.
I can implement changes to or I can design and develop new proxies,proxy
configurations,proxy rules,firewalls,firewall configurations,firewall rules.
I am good atimplementing network connections between servers for better
communication.
I got good experience in usingall of the automated tools out there for
conductingpenetration testing over a network, web applicationsor a mobile
application.
I got good reporting skills which makes the fixingprocess faster and reliable.
4. EDUCATION BACHELOR IN COMPUTER SCIENCE, JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY,
KAKINADA. [2009-2013]
I have completed my bachelor degree in Computer Science Engineering with aggregate of
65.84% alongwith special interestin the followingsubjects.
1. ObjectiveC and Data Structures(C&DS)
2. Advanced Data Structures(ADS)
3. Principles of ProgrammingLanguages(PPL)
4. DatabaseManagement Systems(DBMS)
5. Software TestingMethodologies(STM)
6. Computer Organization(CO)
7. Computer Networks(CN)
8. Computer Graphics(CG)
9. Compiler Design(CD)
10. Object Oriented Analysis& Design(OOAD)
Presented papers on the followingtopics:
1. Cloud Computing and Security
2. Information Security and Ethical Hacking
3. Social Engineering - How to get protected from Black Hat Hackers
SSC, BHASHYAM PUBLIC SCHOOL, GUNTUR. [2005-2007]
I have completed my SSC with state syllabusand achieved aggregateof 79.86% with special
interest in the followingsubjects.
1. General Physics
2. Biology
3. Social Studies
REFERENCES SRI CHAKRADHAR K
CIO,Entersoft Information Systems Pvt Ltd.
+91-9502003777